Bug 440195
Summary: | Feature request: Support for directory level audit with recursion before 2.6.24 kernel and above at userspace | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | abhishek <abhikiki> | ||||
Component: | audit | Assignee: | Steve Grubb <sgrubb> | ||||
Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 8 | ||||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-09-25 18:32:16 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
abhishek
2008-04-02 07:37:09 UTC
Created attachment 300021 [details]
This patch add directory level audit with recursion feature in userspace
Hi...first, thanks for the patch. But I'm not sure this is a good idea since it does not provide complete coverage. IOW, if you have a rule for /etc and a new file goes into /etc and its edited, the rule will not pick it up since auditctl builds a list at the time it applies the rule instead of continuously. Its for this reason we opted to provide coverage in the kernel rather than user space. Also, auditctl -l takes the rules and reformats them to appear as close as possible to the rule that is in the audit.rules file. I don't think this patch can figure out what the original rule is unless its does a lot of extra processing. I do appreciate the patch, but I don't think I can merge it with the current code base (see comment #2). Thank you for the offer, though. |